US9483422B2 - Access to memory region including confidential information - Google Patents
Access to memory region including confidential information Download PDFInfo
- Publication number
- US9483422B2 US9483422B2 US14/232,224 US201214232224A US9483422B2 US 9483422 B2 US9483422 B2 US 9483422B2 US 201214232224 A US201214232224 A US 201214232224A US 9483422 B2 US9483422 B2 US 9483422B2
- Authority
- US
- United States
- Prior art keywords
- memory
- requested
- access
- module
- allowed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/14—Handling requests for interconnection or transfer
- G06F13/16—Handling requests for interconnection or transfer for access to memory bus
- G06F13/1605—Handling requests for interconnection or transfer for access to memory bus based on arbitration
- G06F13/1642—Handling requests for interconnection or transfer for access to memory bus based on arbitration with request queuing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/24—Resetting means
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/22—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
- G06F11/2284—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing by power-on test, e.g. power-on self test [POST]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/1425—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
- G06F12/1433—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a module or a part of a module
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1483—Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/14—Handling requests for interconnection or transfer
- G06F13/16—Handling requests for interconnection or transfer for access to memory bus
- G06F13/1605—Handling requests for interconnection or transfer for access to memory bus based on arbitration
- G06F13/1652—Handling requests for interconnection or transfer for access to memory bus based on arbitration in a multiprocessor architecture
- G06F13/1663—Access to shared memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01R—MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
- G01R31/00—Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
- G01R31/28—Testing of electronic circuits, e.g. by signal tracer
- G01R31/317—Testing of digital circuits
- G01R31/31719—Security aspects, e.g. preventing unauthorised access during test
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2143—Clearing memory, e.g. to prevent the data from being stolen
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
Definitions
- a device may store confidential information, such as a cryptographic security parameter (CSP).
- CSP cryptographic security parameter
- an integrity or security of the confidential information may be compromised if accessed by an unauthorized party.
- Programming a process of the device to only access confidential information for which the process has authority to access may be unreliable.
- the process may malfunction and/or be manipulated by an unauthorized party, such as a hacker, and access confidential information for which the process does not have authorization.
- an unauthorized party such as a hacker
- Manufacturers, vendors, and/or users are challenged to provide more secure methods for protecting confidential information.
- FIG. 1 is an example block diagram of a device for controlling access to a memory region
- FIG. 2 is an example block diagram of a permission module of the device of FIG. 1 ;
- FIG. 3 is an example block diagram of modules included in the permission module of the device of FIG. 2 ;
- FIG. 4 is another example block diagram of the permission module of the device of FIG.
- FIG. 5 is an example block diagram of a permission set of the permission module of FIG. 4 ;
- FIG. 6 is another example block diagram of a device for controlling access to a memory region
- FIG. 7 is an example block diagram of a system including the device of FIG. 6 ;
- FIG. 8 is an example block diagram of a computing device including instructions for controlling access to a memory region
- FIG. 9 is an example flowchart of a method for controlling access to a memory region.
- a device may store confidential information, such as a cryptographic security parameter (CSP).
- CSP cryptographic security parameter
- the device may use a secondary processor to control access to the confidential information.
- this may increase a cost and complexity of the device and decrease performance.
- a main processor of the device may have to communicate with the secondary processor before receiving access to the confidential information.
- the confidential information may be separated and stored with the processes that may use the confidential information.
- the confidential information may not be accessible unless the corresponding process is loaded and running.
- a memory management unit MMU
- MMU memory management unit
- separating the confidential information among multiples locations may compromise the integrity and/or security of the confidential information.
- the process may malfunction and/or be manipulated by an unauthorized party, such as a hacker, thus reducing an integrity or security of the confidential information.
- Embodiments may increase a security and/or integrity of the confidential information without greatly increasing a complexity of the device.
- a memory request from a process may be received.
- the memory request may include a process ID (PID) of the process, a requested memory address, and a requested access type.
- PID process ID
- the memory request may be compared to a permission set associated with a memory region including the confidential information. Access to the memory region by the process may be controlled based on the comparison.
- access permissions to each part of the confidential information may be separately and selectively based on a variety of factors, such as the PID, requested address, the requested access type, a purpose and a user ID (UID).
- PID process ID
- UID user ID
- embodiments may also carry out additional operations if access to the confidential information by the process is denied. For example, an audit log may be generated when the process requests an improper type of access, in order to maintain a record of faded attempts to access the confidential information. Further, embodiments may carry out an action, such as clearing the confidential information or generating an interrupt, if the PID of the process or the requested address is incompatible.
- FIG. 1 is an example block diagram of a device 100 for controlling access to a memory region 190 .
- the device 100 may be included in any type of device that accesses a memory, such as a secure microprocessor, a notebook computer, a desktop computer, an all-in-one system, a slate computing device, a portable reading device, a wireless email device, a mobile phone, and the like.
- the device 100 includes a permission module 110 .
- the permission module 110 further includes a permission set 120 .
- the permission module 110 may include, for example, a hardware device including electronic circuitry for implementing the functionality described below, such as a register or Boolean logic.
- the permission module 110 may be implemented as a series of instructions encoded on a machine-readable storage medium and executable by a processor.
- the memory region 190 may be part of a machine-readable storage medium, such as any type of electronic, magnetic, optical, or other physical storage device capable of storing information, like data or instructions.
- a machine-readable storage medium such as any type of electronic, magnetic, optical, or other physical storage device capable of storing information, like data or instructions.
- Example of the machine-readable storage medium include Random Access Memory (RAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a storage drive, a Compact Disc Read Only Memory (CD-ROM), and the like.
- the permission module 110 is to receive a memory request from a process 180 .
- the term process may refer to any part of a computer program or instance thereof.
- the memory request may include a process ID (PD) of the process 180 , a requested memory address, and a requested access type.
- the permission module 110 may compare the memory request to the permission set 120 , which is associated with the memory region 190 storing confidential information 192 .
- the permission module 110 may then control access to the memory region 190 by the process 180 based on the comparison. For example, the permission module 110 may output an access control signal to the memory region 190 that enables and/or disables an ability of the process 180 to access the memory region 190 .
- the confidential information 192 may any type of information to which access is restricted to authorized parties. Examples of the confidential information 192 may include a key, a certificate, information associated with platform security of the device 100 , cryptographic information, private user data, and the like. Example operations of the permission module 110 will be explained in greater detail below with respect to FIGS. 2 to 4 .
- FIG. 2 is an example block diagram of a permission module 210 of the device 100 of FIG. 1 .
- the permission module 210 includes a permission set 220 , a PID module 230 , an address module 240 , an access type module 250 , a first NAND gate 260 , a first AND gate 270 and a NOT gate 280 .
- the permission set 220 includes one more allowed PIDs 222 , a memory address range 224 , and one or more allowed access types 226 associated with the memory region 190 .
- the one or more allowed PIDs 222 may indicate one or more processes that are allowed to access the memory region 190 .
- the memory address range 224 may indicate the addresses that may be accessed when requesting access to memory region 190 .
- the access types 226 include at least one of read, write and reference types.
- the read type indicates whether the process 180 has permission to read a value at the requested memory address.
- the write type indicates whether the process 180 has permission to modify, clear, write, and/or overwrite a value at the requested memory address.
- the reference type indicates whether the process 180 has permission to provide a pointer to the requested memory address, instead of the value at the requested memory address.
- the permission set 220 will be explained in greater detail with respect to FIG. 5 .
- the PD module 230 , address module 240 and access type module 250 may include, for example, a hardware device including electronic circuitry for implementing the functionality described below, such as a register or Boolean logic.
- the modules 230 , 240 and 250 may be implemented as a series of instructions encoded on a machine-readable storage medium and executable by a processor.
- the PID module 230 is to compare the PID of the process 180 to the one or more allowed PIDs 222 of the permission set 220 . For example, if the PID of the process 180 is included in the one or more allowed PIDs 222 , the PID module 230 may output a logic one or high. Otherwise, the PID module 230 may output a logic zero or low.
- the address module 240 is to compare the requested memory address to the memory address range 224 of the permission set 220 . For example, if the requested memory address is included in the memory address range 224 , the address module 240 may output a logic one or high. Otherwise, the address module 240 may output a logic zero or low.
- the access type module 250 is to compare the requested access type to the one or more allowed access types 226 of the permission set 220 . For example, if the requested access type is included in the one or more allowed access types 226 , the access type module 250 may output a logic one or high. Otherwise, the access type module 250 may output a logic zero or low. The output of the access type module 250 is inverted by the NOT gate 280 and output from the permission module 210 as a fault signal.
- the first NAND gate 260 logically NANDs the output of the PID module 230 and the address module 240 and outputs a miss signal out of the permission module 210 .
- the first AND gate 270 logically ANDs the output of the PID module 230 , the address module 240 and the access type module 250 and outputs an access control signal out of the permission module 210 .
- the permission module 210 allows access to the memory region 190 by the process 180 based on the comparisons of the PID, address, and access type modules 230 , 240 and 250 . Further, the permission module 210 asserts the miss signal if the PID module 230 indicates that the one or more allowed PIDs 222 does not include the PID of the process 180 and/or the address module 240 indicates that the memory address range 224 does not include the requested memory address.
- the modules 230 , 240 and 250 is provided below with respect to FIG. 3 .
- FIG. 3 is an example block diagram of the modules 230 , 240 and 250 included in the permission module 210 of the device of FIG. 2 .
- the PID module 230 may include, for example, a bitwise XOR gate 232 and a first NOR gate 234 .
- the PID of the process signal output from the process 180 and the allowed PIDs signal output from the permission set 220 received by the bitwise XOR gate 232 may be multi-bit fields.
- each of the bits of the PID of the process signal and the allowed PIDs signal may correspond to one of a plurality of different types of PIDs, where each of the PIDs corresponds to a different process or type of process.
- bitwise XOR gate 232 bitwise logically XORs the corresponding bits of the PID of the process signal and the allowed PIDs signal.
- the first NOR gate 234 logically NORs all the bits of the output of XOR gate 232 , thus also combining all of the bits output from the bitwise XOR gate 232 .
- the output of the first NOR gate 234 is a logic one or high if the PID of the process 180 is included in the one or more allowed PIDs 222 of the permission set 220 .
- the address module 240 may include, for example, an adder 242 , a first comparator 244 , a second comparator 246 and a second NOR gate 248 .
- the first adder 242 receives an initial address and a length from the memory address range 224 .
- the initial address represents a first address of the memory region 190 and a length represents a number of addresses included in the memory region 190 .
- the adder 242 adds the initial address and the length to output a last memory address of the memory region 190 to the second comparator 246 .
- the first comparator 244 bitwise magnitude compares the requested address of the process 180 to the initial address of the memory address range 224 .
- the first comparator 244 outputs logic one or high signal if the requested address is less than the initial address. Otherwise, the first comparator 244 outputs a logic low or zero signal.
- the second comparator 246 bitwise magnitude compares the last memory address to the requested address of the process 180 .
- the second comparator 246 outputs logic one or high signal if the last memory address is less than the requested address. Otherwise, the second comparator 246 outputs a logic low or zero signal.
- the second NOR gate 248 logically NORs the output of the first and second comparators 244 and 246 .
- the output of the second NOR gate 248 , as well as the output of the address module 240 is a logic one or high if the requested address of the process 180 is included in the memory address range 224 of the permission set 220 .
- the access type module 250 may include, for example, a bitwise AND gate 252 and a first OR gate 254 .
- the allowed access types signal of the permission set 220 and the requested access type signal of the process 180 input to the bitwise AND gate 252 may be multi-bit fields.
- each of the bits of the allowed access types signal and the requested access type signal may correspond to one of a plurality of different access types, such as the read, write, and reference types, as explained above.
- bitwise AND gate 252 bitwise logically ANDs the corresponding bits of the allowed access types signal and the requested access type signal.
- the first OR gate 254 logically ORs all the bits of the output of the bitwise AND gate 252 , thus also combining all of the bits output from the bitwise AND gate 252 .
- the output of the first OR gate 254 is a logic one or high if the requested access type is included in the one or more allowed access types 222 of the permission set 220 .
- the first NAND gate 260 , the first AND gate 270 and the NOT gate 280 may operate as explained above with respect to FIG. 2 .
- FIG. 4 is another example block diagram of the permission module 410 of the device 100 of FIG. 1 .
- the permission module 410 includes a permission set 420 , a PID module 430 , an address module 440 , an access type module 450 , a first NAND gate 460 , a first AND gate 470 , a NOT gate 480 and a purpose module 490 .
- the first AND gate 470 may also receive an output of the purpose module 490 .
- the request of the process 180 may further include a user ID (UID) field and a requested purpose.
- UID user ID
- the permission set 420 of the FIG. 4 may be similar to the permission set 220 of FIG. 2 .
- permission set 420 of FIG. 4 includes one or more allowed PIDs 422 , a memory address range 424 and one or more allowed access types 426 , which is similar to the one or more allowed PIDs 222 , the memory address range 224 and the one or more allowed access types 226 included in the permission set 220 of FIG. 2 .
- the permission set 420 of FIG. 4 also receives the UID and includes one or more allowed purposes 428 , as explained below.
- the UID field may identify a type of user and/or an identity of the user.
- the type of user may relate to user groups, such as staff or administrator.
- the identity of the user may relate to identifying a specific user.
- the permission set 420 may include a plurality of instances of at least part of the permission set 420 . Each of the instances may be associated with one of a plurality of UIDs and include separate permissions for the memory region 190 , as explained in greater detail below with respect to FIG. 5 .
- the requested purpose indicates how the process 180 seeks to use the confidential information 192 at the requested memory address.
- Examples of the requested purpose may include a storage destination of the confidential information 192 , such as an external memory, a type of operation to be performed on the confidential information 192 , such as a type of cryptographic operation, and the like.
- the purpose module 490 may include, for example, a hardware device including electronic circuitry for implementing the functionality described below, such as a register or Boolean logic.
- the permission module 410 may be implemented as a series of instructions encoded on a machine-readable storage medium and executable by a processor.
- the purpose module 490 is to compare the requested purpose to the one or more allowed purposes of the permission set 420 .
- the permission set 420 may send an allowed purpose types signal to the purpose module 480 , where the allowed purpose types signal and the requested purpose signal are multi-bit signals.
- the purpose module 490 may carry out the comparison of the two multi-bit signals in a manner similar to that of the access type module 450 . If the requested purpose is included in the one or more allowed purpose types 428 , the purpose module 480 may output a logic a logic one or high. Otherwise, the purpose module 480 may output a logic a logic zero or low.
- the first AND gate 470 logically ANDs the outputs of the purpose module 480 , the PID module 430 , the address module 440 and the access type module 450 and outputs an access control signal out of the permission module 410 .
- the permission module 410 allows access to the memory region 190 by the process 180 based on the comparisons of the purpose, PID, address, and access type modules 490 , 430 , 440 and 450 .
- the first NAND gate 460 logically NANDs the output of the PID module 430 and the address module 440 and outputs the miss signal out of the permission module 410 .
- the NOT gate 480 inverts the output of the access type module 450 to output a fault signal.
- the permission module 410 asserts the fault signal if the one or more allowed access types 426 does not include the requested access type.
- embodiments may also, for example, assert the fault signal if the one or more purpose types 428 does not include the requested purpose.
- FIG. 5 is an example block diagram of the permission set 520 of the permission module 410 of FIG. 4 .
- the permission set 520 includes seven fields 521 to 527 , where at least some of the fields 525 to 527 include multiple instances.
- the first field 521 may store a valid bit to indicate whether the permission set 520 is active and assigned to the memory region 190 . If the valid bit of the first field 521 is not set, the device 100 may ignore the permission set 520 .
- the second field 522 may store the real address, such as the requested address of the process 180 .
- the third field 523 may store the virtual address that corresponds to a location in the memory region 190 mapped to the real address.
- the fourth field 524 may store the memory address range of the memory region 190 , such as the initial address and the length of the memory region 190 .
- the fifth through seventh fields 525 to 527 may have n instances, where n is a natural number. Each of the instances of the fifth field 525 - 1 to 525 - n may store the allowed access types for a corresponding one of the UIDs. Each of the instances of the sixth field 526 - 1 to 526 - n may store the allowed PIDs for the corresponding one of the UIDs. Each of the instances of the seventh field 527 - 1 to 527 - n may store the allowed purpose types for the corresponding one of the UIDs.
- Each of the groups of instances for each UID may have different permissions.
- the first instances 525 - 1 to 527 - 1 of the first UID may relate to staff users while the nth instances 525 - n to 527 - n of the nth UID may relate to supervisor users.
- the allowed access types of the first UID 525 - 1 may only enable the read access type while the allowed access type of the nth UID 525 - n may enable all of the read, write and reference access types.
- the permission set 520 may choose one of the groups of instances to forward to the modules 480 , 430 and 450 , based on the user identified by the UID.
- permission set 520 is shown to have seven fields 521 to 527 and multiple instances for three of those fields 525 to 527 for different UIDs, embodiments are not limited thereto. For example, embodiments may have more or less than seven fields and/or instances of more or less than three of the fields. Further, the instances may be created and/or grouped according to criteria other than the UID.
- FIG. 6 is another example block diagram of a device 600 for controlling access to a memory region 190 .
- the device 600 includes a plurality of the permission modules 110 - 1 to 110 - n of FIG. 1 , where n is a natural number.
- Embodiments of the device 600 may also include a plurality of other types of permission modules, such as the permission modules 210 or 410 of FIG. 2 or 4 .
- the device 600 further includes a second AND gate 620 , a third AND gate 640 , a second OR gate 670 , an action module 630 and an audit module 650 .
- the action and audit modules 630 and 650 may include, for example, a hardware device including electronic circuitry for implementing the functionality described below, such as a register or Boolean logic.
- the action and audit modules 630 and 650 may be implemented as a series of instructions encoded on a machine-readable storage medium and executable by a processor.
- Each of the permission modules 110 - 1 to 110 - n may include separate permission sets that are associated with different memory regions, as explained in greater detail below with respect to FIG. 7 . However, all of the permission modules 110 - 1 to 110 - n may receive the same PID of the process 180 , the requested memory address, and the requested access type, from the process 180 .
- the second AND gate 620 logically ANDs the miss signals of all the permission modules 110 - 1 to 110 - n and outputs an action signal to the action module 630 . Thus, the action signal is only asserted if all of the permission modules 110 - 1 to 110 - n assert the miss signal.
- the action module 630 is to carry out an action if the action signal is asserted, e.g. the PID module 230 and/or the address module 240 of the permission modules 110 - 1 to 110 - n determine that the one or more allowed PIDs 222 do not include the PID of the process 180 and/or the memory address range 224 does not include the requested memory address.
- the action carried out by the action module 630 may include doing nothing, erasing a value at the requested memory address, erasing all values at the memory region and/or generating an interrupt.
- the interrupt may block access to and/or halt operation of a functionality of the device 600 and/or components related to the device 600 , such as a processor or memory.
- the third AND gate 620 logically ANDs the fault signals of all the permission modules 110 - 1 to 110 - n and outputs an audit signal.
- the audit signal is only asserted if all of the permission modules 110 - 1 to 110 - n assert the fault signal.
- the audit module 650 is to generate an audit log 660 if the audit signal is asserted, e.g. the access type module 250 of the permission modules 110 - 1 to 110 - n determines that the one or more allowed access types 226 does not include the requested access type.
- the audit log 660 may include the PID of the process 180 , the requested address, the requested access type, the UID, a number of failed access attempts, a timestamp of the one or more failed access attempts, and/or the like.
- the audit log 660 may be configurable.
- the audit module 650 may be configured to vary the contents and/or length of the audit log 660 .
- a method for saving the audit log 660 may also be configured, such as a flat file method that stops when the audit log 660 is full, a circular file method that overwrites old data with new data when the audit log 660 is full, and/or combination thereof.
- the second NOR gate 620 logically NORs the access control signals of all the permission modules 110 - 1 to 110 - n and outputs an access control signal.
- the device 600 asserts the access control signal to grant the process 180 access to the memory region 180 , if at least one of the permission modules 110 - 1 to 110 - n grants access to the memory region 180 .
- the action and audit modules 630 and 650 are shown to operate in conjunction with a plurality of permission modules 110 - 1 to 110 - n , the action and audit modules 630 and 650 may also be operate in conjunction with a single permission module 110 .
- FIG. 7 is an example block diagram of a system 700 including the device 600 of FIG. 6 .
- the system 700 includes a device 705 , a processor 710 , a memory management unit 720 and memory 730 .
- the device 705 of FIG. 7 may be similar to the device 600 of FIG. 6 .
- embodiments of the system 700 may also include other similar devices, such as the device 100 of FIG. 1 .
- the memory 730 includes a plurality of memory regions 190 - 1 to 190 - n (n is a natural number), where each of the memory regions 190 - 1 to 190 - n may be similar to the memory region 190 of FIG. 1 .
- Each of the permission modules 110 - 1 to 110 - n corresponds to one of the memory regions 190 - 1 to 190 - n .
- each of the permission modules 110 - 1 to 110 - n may include a permission set 120 that controls access to the confidential information 192 of one of the corresponding memory regions 190 - 1 to 190 - n.
- the processor 710 may be, at least one central processing unit (CPU), at least one semiconductor-based microprocessor, at least one graphics processing unit (GPU), other hardware devices suitable for retrieval and execution of instructions of the process 180 .
- the processor 710 may output the memory request of the process 180 and/or receive the action signal.
- the MMU 720 may share responsibilities with the device 700 for controlling aspects of memory map management. For example, at least one of the device 700 and the MMU 210 may define the address ranges for different parts of the memory 730 , such as the plurality of memory regions 190 - 1 to 190 - n , and/or map real (e.g. internal or physical) addresses to virtual (e.g., logical or external) addresses. Further, the MMU 720 may manage access control for regions of the memory 730 that do not include the confidential information 192 while the device 700 may manage access control for regions of the memory 730 that do include the confidential information 192 .
- the processor 710 may communicate with the MMU 710 when the processor 710 seeks to access the memory 730 , such as after executing an instruction of the process 180 . For instance, the processor 710 may transmit one or more requests to the MMU 720 . In turn, the MMU 720 may transmit all of the memory requests to the device 700 or transmit only the memory requests to the device 700 that relate to the confidential information 192 managed by the permission modules 110 - 1 to 110 - n . If all the memory requests are transmitted to the device 700 , the device 700 may include additional processing logic to carry out some functions also generally carried out at the MMU 720 , but overall performance may be increased.
- the device 700 may have a more compact design and allow for easier integration into the system 700 .
- the memory request is transmitted to all of the plurality of permission modules 110 - 1 to 110 - n when received by the device 700 .
- FIG. 8 is an example block diagram of a computing device 800 including instructions for controlling access to a memory region (not shown).
- the computing device 800 includes a processor 810 and a machine-readable storage medium 820 .
- the machine-readable storage medium 820 further includes instructions 822 , 824 , 826 and 828 for controlling access to the memory region (not shown).
- the computing device 800 may be, for example, a chip set, a notebook computer, a slate computing device, a portable reading device, a wireless email device, a mobile phone, or any other device capable of executing the instructions 822 , 824 , 826 and 828 .
- the computing device 800 may include or be connected to additional components such as memories, sensors, displays, etc.
- the processor 810 may be, at least one central processing unit (CPU), at least one semiconductor-based microprocessor, at least one graphics processing unit (GPU), other hardware devices suitable for retrieval and execution of instructions stored in the machine-readable storage medium 820 , or combinations thereof.
- the processor 410 may fetch, decode, and execute instructions 822 , 824 , 826 and 828 to implement controlling access to the memory region.
- the processor 810 may include at least one integrated circuit (IC), other control logic, other electronic circuits, or combinations thereof that include a number of electronic components for performing the functionality of instructions 822 , 824 , 826 and 828 .
- IC integrated circuit
- the machine-readable storage medium 820 may be any electronic, magnetic, optical, or other physical storage device that contains or stores executable instructions.
- the machine-readable storage medium 820 may be, for example, Random Access Memory (RAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a storage drive, a Compact Disc Read Only Memory (CD-ROM), and the like.
- RAM Random Access Memory
- EEPROM Electrically Erasable Programmable Read-Only Memory
- CD-ROM Compact Disc Read Only Memory
- the machine-readable storage medium 820 can be non-transitory.
- machine-readable storage medium 820 may be encoded with a series of executable instructions for controlling access to the memory region.
- the instructions 822 , 824 , 826 and 828 when executed by a processor can cause the processor to perform processes, such as, the process of FIG. 9 .
- the compare PID instructions 822 may be executed by the processor 810 to compare a PID of a process (not shown) to one or more allowed PIDs.
- the compare requested address instructions 824 may be executed by the processor 810 to compare a requested address to an allowed address range.
- the compare requested access type instructions 826 may be executed by the processor 810 to compare the requested access type to one or more allowed access types.
- the allow instructions 828 may be executed by the processor 810 to allow the process to access the memory region including confidential information (not shown), if the one or more allowed PIDs includes the PID of the process, the allowed address range includes the requested address and the one or more allowed access types includes the requested access type.
- the machine-readable storage medium 820 may also include instructions (not shown) to at least one of generate an audit log and carry out an action if the one or more allowed PIDs does not include the PID of the process, the allowed address range does not include the requested address and/or the one or more allowed access types does not include the requested access type.
- the audit log includes at least one of the PID of the process, the requested memory address, the requested access type, a user ID (UID), a requested purpose, a number of failed access attempts, and a timestamp of the one or more failed access attempts.
- the action includes at least one of doing nothing, erasing a value at the requested memory address, erasing all values at the memory region, and generating an interrupt. An operation of the device 800 may be described in more detail with respect to FIG. 9 .
- FIG. 9 is an example flowchart of a method 900 for controlling access to a memory region 190 .
- execution of the method 900 is described below with reference to the device 600 , other suitable components for execution of the method 900 can be utilized, such as the device 100 .
- the components for executing the method 900 may be spread among multiple devices (e.g., a processing device in communication with input and output devices). In certain scenarios, multiple devices acting in coordination can be considered a single device to perform the method 900 .
- the method 900 may be implemented in the form of executable instructions stored on a machine-readable storage medium, such as storage medium 820 , and/or in the form of electronic circuitry.
- the device 600 receives from a process 180 a request to access a memory region 190 having confidential information 192 .
- the request includes a process ID (PID) of the process, a requested address, and a requested access type.
- PID process ID
- the device 600 compares the PID of the process 180 to one or more allowed PIDs 222 and flows to block 915 . If the one or more allowed PIDs does not include the PID of the process 180 , the device 600 generates an action at block 920 .
- the action includes at least one of doing nothing, erasing a value at the requested memory address, erasing all values at the memory region, and generating an interrupt.
- the device 600 compares the requested address to an allowed address range at block 925 and then flows to block 930 . If the allowed address range does not include the requested address, the device 600 generates the action at block 920 .
- the device 600 compares the requested access type to one or more allowed access types at block 935 and then flows to block 940 . If the one or more allowed access types include the requested access type, the device 600 allows the process 180 to access the memory region 190 at block 945 . If the one or more allowed access types does not include the requested access type, the device 600 flows to block 950 to determine if an audit log is enabled. If the audit log is not enabled, the device 600 denies the process 180 access to the memory region 190 at block 960 . If the audit log is enabled, the device 600 generates the audit log 660 at block 955 and then denies the process 180 access to the memory region 190 at block 960 .
- embodiments may increase a security and/or integrity of the confidential information without greatly increasing a complexity of the device.
- a memory request from a process may be received.
- the memory request may include PID of the process, a requested memory address, and a requested access type.
- the memory request may be compared to a permission set associated with a memory region including the confidential information. Access to the memory region by the process may be controlled based on the comparison.
Abstract
Description
Claims (15)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/232,224 US9483422B2 (en) | 2011-07-18 | 2012-01-31 | Access to memory region including confidential information |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161509078P | 2011-07-18 | 2011-07-18 | |
PCT/US2012/023385 WO2013012444A1 (en) | 2011-07-18 | 2012-01-31 | Access to memory region including confidential information access to memory region including confidential information |
US14/232,224 US9483422B2 (en) | 2011-07-18 | 2012-01-31 | Access to memory region including confidential information |
Publications (2)
Publication Number | Publication Date |
---|---|
US20140156961A1 US20140156961A1 (en) | 2014-06-05 |
US9483422B2 true US9483422B2 (en) | 2016-11-01 |
Family
ID=47422868
Family Applications (12)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/233,310 Abandoned US20140149729A1 (en) | 2011-07-18 | 2011-12-15 | Reset vectors for boot instructions |
US14/233,321 Active US9465755B2 (en) | 2011-07-18 | 2011-12-15 | Security parameter zeroization |
US14/232,217 Abandoned US20140164793A1 (en) | 2011-07-18 | 2011-12-22 | Cryptographic information association to memory regions |
US14/232,229 Abandoned US20140140512A1 (en) | 2011-06-18 | 2012-01-06 | Requested and allowed cryptographic operations comparison |
US13/355,315 Active 2033-04-20 US8930154B2 (en) | 2011-07-18 | 2012-01-20 | First and second voltage measurements to adjust a voltage measurer |
US14/232,224 Active US9483422B2 (en) | 2011-07-18 | 2012-01-31 | Access to memory region including confidential information |
US14/131,291 Abandoned US20140223113A1 (en) | 2011-07-18 | 2012-02-03 | Selector syncronized with movement of data in memory |
US14/130,871 Expired - Fee Related US9418026B2 (en) | 2011-07-18 | 2012-02-08 | Transition between states in a processor |
US13/407,845 Active 2033-10-14 US9015516B2 (en) | 2011-07-18 | 2012-02-29 | Storing event data and a time value in memory with an event logging module |
US14/233,334 Expired - Fee Related US9418027B2 (en) | 2011-07-18 | 2012-03-30 | Secure boot information with validation control data specifying a validation technique |
US13/455,867 Abandoned US20130024153A1 (en) | 2011-07-18 | 2012-04-25 | Microprocessor testing circuit |
US13/459,523 Abandoned US20130024637A1 (en) | 2011-07-18 | 2012-04-30 | Memory access unlock |
Family Applications Before (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/233,310 Abandoned US20140149729A1 (en) | 2011-07-18 | 2011-12-15 | Reset vectors for boot instructions |
US14/233,321 Active US9465755B2 (en) | 2011-07-18 | 2011-12-15 | Security parameter zeroization |
US14/232,217 Abandoned US20140164793A1 (en) | 2011-07-18 | 2011-12-22 | Cryptographic information association to memory regions |
US14/232,229 Abandoned US20140140512A1 (en) | 2011-06-18 | 2012-01-06 | Requested and allowed cryptographic operations comparison |
US13/355,315 Active 2033-04-20 US8930154B2 (en) | 2011-07-18 | 2012-01-20 | First and second voltage measurements to adjust a voltage measurer |
Family Applications After (6)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/131,291 Abandoned US20140223113A1 (en) | 2011-07-18 | 2012-02-03 | Selector syncronized with movement of data in memory |
US14/130,871 Expired - Fee Related US9418026B2 (en) | 2011-07-18 | 2012-02-08 | Transition between states in a processor |
US13/407,845 Active 2033-10-14 US9015516B2 (en) | 2011-07-18 | 2012-02-29 | Storing event data and a time value in memory with an event logging module |
US14/233,334 Expired - Fee Related US9418027B2 (en) | 2011-07-18 | 2012-03-30 | Secure boot information with validation control data specifying a validation technique |
US13/455,867 Abandoned US20130024153A1 (en) | 2011-07-18 | 2012-04-25 | Microprocessor testing circuit |
US13/459,523 Abandoned US20130024637A1 (en) | 2011-07-18 | 2012-04-30 | Memory access unlock |
Country Status (4)
Country | Link |
---|---|
US (12) | US20140149729A1 (en) |
EP (3) | EP2734951A4 (en) |
CN (3) | CN103688269A (en) |
WO (8) | WO2013012436A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170250909A1 (en) * | 2015-01-22 | 2017-08-31 | Hewlett Packard Enterprise Development Lp | Router to send a request from a first subnet to a second subnet |
US10318438B1 (en) * | 2017-12-07 | 2019-06-11 | Nuvoton Technology Corporation | Secure memory access using memory read restriction |
Families Citing this family (76)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140149729A1 (en) | 2011-07-18 | 2014-05-29 | Ted A. Hadley | Reset vectors for boot instructions |
US20130155081A1 (en) * | 2011-12-15 | 2013-06-20 | Ati Technologies Ulc | Power management in multiple processor system |
US9094830B2 (en) * | 2012-07-05 | 2015-07-28 | Blackberry Limited | Managing data transfer across a network interface |
US9275223B2 (en) | 2012-10-19 | 2016-03-01 | Mcafee, Inc. | Real-time module protection |
US9575768B1 (en) | 2013-01-08 | 2017-02-21 | Marvell International Ltd. | Loading boot code from multiple memories |
US9258119B2 (en) * | 2013-05-08 | 2016-02-09 | Cyber Solutions International, Llc | Trusted tamper reactive secure storage |
JP6452135B2 (en) * | 2013-07-24 | 2019-01-16 | マーベル ワールド トレード リミテッド | Key replacement for memory controller |
WO2015015305A1 (en) * | 2013-07-31 | 2015-02-05 | Marvell Word Trade Ltd. | Parallelizing boot operations |
JP6311170B2 (en) * | 2013-10-30 | 2018-04-18 | 株式会社Joled | Display device power-off method and display device |
US9253213B2 (en) * | 2013-12-16 | 2016-02-02 | International Business Machines Corporation | Query flow reconstruction in database activity monitoring systems |
US10031863B2 (en) * | 2014-01-30 | 2018-07-24 | Hewlett Packard Enterprise Development Lp | Access controlled memory region |
WO2015132838A1 (en) * | 2014-03-03 | 2015-09-11 | 株式会社日立製作所 | Method and device for displaying material fatigue of machine |
CN106471766B (en) * | 2014-03-31 | 2019-08-06 | 爱迪德技术有限公司 | Crypto chip and correlation technique |
US20150293862A1 (en) * | 2014-04-10 | 2015-10-15 | Andes Technology Corporation | Hardware configuration apparatus |
US11550877B2 (en) * | 2014-04-15 | 2023-01-10 | Maxlinear, Inc. | Root of trust |
GB201413836D0 (en) | 2014-08-05 | 2014-09-17 | Arm Ip Ltd | Device security apparatus and methods |
GB2529429B (en) * | 2014-08-19 | 2021-07-21 | Origami Energy Ltd | Power distribution control system |
US9835043B2 (en) * | 2014-10-01 | 2017-12-05 | United Technologies Corporation | Guided binding-resistant actuation apparatus and method |
US10275604B2 (en) | 2014-10-31 | 2019-04-30 | Hewlett Packard Enterprise Development Lp | Security record transfer in a computing system |
US10503909B2 (en) | 2014-10-31 | 2019-12-10 | Hewlett Packard Enterprise Development Lp | System and method for vulnerability remediation verification |
WO2016108902A1 (en) | 2014-12-31 | 2016-07-07 | Hewlett Packard Enterprise Development Lp | Enterprise service bus logging |
US9772652B2 (en) * | 2015-02-23 | 2017-09-26 | Dell Products L.P. | Systems and methods for distributing and synchronizing real-time clock |
GB2538091B (en) * | 2015-05-07 | 2018-03-14 | Advanced Risc Mach Ltd | Verifying correct code execution context |
US11503031B1 (en) | 2015-05-29 | 2022-11-15 | Pure Storage, Inc. | Storage array access control from cloud-based user authorization and authentication |
US9444822B1 (en) * | 2015-05-29 | 2016-09-13 | Pure Storage, Inc. | Storage array access control from cloud-based user authorization and authentication |
US10691476B2 (en) * | 2015-06-27 | 2020-06-23 | Mcafee, Llc | Protection of sensitive data |
GB2540965B (en) | 2015-07-31 | 2019-01-30 | Arm Ip Ltd | Secure configuration data storage |
GB2540961B (en) * | 2015-07-31 | 2019-09-18 | Arm Ip Ltd | Controlling configuration data storage |
EP3369028B1 (en) * | 2015-10-29 | 2021-01-20 | Hewlett-Packard Development Company, L.P. | Checking a security value calculated for a part of a program code |
US10270773B2 (en) * | 2015-11-04 | 2019-04-23 | International Business Machines Corporation | Mechanism for creating friendly transactions with credentials |
US10235297B2 (en) | 2015-11-04 | 2019-03-19 | International Business Machines Corporation | Mechanism for creating friendly transactions with credentials |
US10185633B2 (en) * | 2015-12-15 | 2019-01-22 | Intel Corporation | Processor state integrity protection using hash verification |
US9685389B1 (en) | 2016-02-03 | 2017-06-20 | Taiwan Semiconductor Manufacturing Co., Ltd. | Formation of getter layer for memory device |
CN107533602B (en) | 2016-04-22 | 2021-01-12 | 慧与发展有限责任合伙企业 | Computing device and method thereof, and computing system |
US10417441B2 (en) * | 2016-04-29 | 2019-09-17 | International Business Machines Corporation | Effectively validating dynamic database queries through database activity monitoring |
FR3052280A1 (en) | 2016-06-03 | 2017-12-08 | Proton World Int Nv | |
FR3052279B1 (en) * | 2016-06-03 | 2019-06-21 | Proton World International N.V. | AUTHENTICATION OF A CARD WITH NON-CONTACT READING |
US11126565B2 (en) * | 2016-06-27 | 2021-09-21 | Hewlett Packard Enterprise Development Lp | Encrypted memory access using page table attributes |
JP6799404B2 (en) * | 2016-07-13 | 2020-12-16 | 株式会社デンソーテン | Information processing device and information processing method |
US10664183B1 (en) | 2016-07-25 | 2020-05-26 | Oracle International Corporation | Method and apparatus for storing memory attributes |
WO2018060769A1 (en) * | 2016-09-28 | 2018-04-05 | Nanolock Security Inc. | Access control for integrated circuit devices |
US10069633B2 (en) | 2016-09-30 | 2018-09-04 | Data I/O Corporation | Unified programming environment for programmable devices |
US20180275731A1 (en) * | 2017-03-21 | 2018-09-27 | Hewlett Packard Enterprise Development Lp | Processor reset vectors |
US11178160B2 (en) * | 2017-04-26 | 2021-11-16 | Splunk Inc. | Detecting and mitigating leaked cloud authorization keys |
US10909248B2 (en) * | 2017-06-29 | 2021-02-02 | Microsoft Technology Licensing, Llc | Executing encrypted boot loaders |
CN109753821B (en) * | 2017-11-01 | 2022-03-15 | 瑞昱半导体股份有限公司 | Data access device and method |
EP3514499B1 (en) * | 2018-01-23 | 2020-08-26 | Siemens Aktiengesellschaft | Verification of sensor data |
LU100844B1 (en) | 2018-06-25 | 2019-12-30 | Univ Luxembourg | Method for preventing ransomware attacks on computing systems |
CN110677250B (en) | 2018-07-02 | 2022-09-02 | 阿里巴巴集团控股有限公司 | Key and certificate distribution method, identity information processing method, device and medium |
EP3599737A1 (en) * | 2018-07-24 | 2020-01-29 | Gemalto Sa | Method to create a primary cryptographic key with owner-defined transformation rules |
CN110795742B (en) | 2018-08-02 | 2023-05-02 | 阿里巴巴集团控股有限公司 | Metric processing method, device, storage medium and processor for high-speed cryptographic operation |
CN110795774B (en) | 2018-08-02 | 2023-04-11 | 阿里巴巴集团控股有限公司 | Measurement method, device and system based on trusted high-speed encryption card |
CN110826113A (en) * | 2018-08-09 | 2020-02-21 | 深圳市菲德越科技有限公司 | Data secure storage method and device |
CN110874478B (en) | 2018-08-29 | 2023-05-02 | 阿里巴巴集团控股有限公司 | Key processing method and device, storage medium and processor |
JP2020043258A (en) | 2018-09-12 | 2020-03-19 | キオクシア株式会社 | Semiconductor memory and manufacturing method thereof |
US10747909B2 (en) | 2018-09-25 | 2020-08-18 | Northrop Grumman Systems Corporation | System architecture to mitigate memory imprinting |
US10754993B2 (en) | 2018-09-25 | 2020-08-25 | Northrop Grumman Systems Corporation | Architecture to mitigate configuration memory imprinting in programmable logic |
US11599403B2 (en) * | 2018-10-03 | 2023-03-07 | SK Hynix Inc. | Logging mechanism for memory system |
US10984108B2 (en) * | 2018-10-05 | 2021-04-20 | International Business Machines Corporation | Trusted computing attestation of system validation state |
JP7018864B2 (en) * | 2018-10-15 | 2022-02-14 | ルネサスエレクトロニクス株式会社 | Semiconductor devices and their control methods |
US11625459B2 (en) * | 2019-02-08 | 2023-04-11 | Raytheon Technologies Corporation | Embedded processing system with multi-stage authentication |
US11228443B2 (en) | 2019-03-25 | 2022-01-18 | Micron Technology, Inc. | Using memory as a block in a block chain |
CN110309083B (en) * | 2019-06-28 | 2021-09-07 | 兆讯恒达科技股份有限公司 | Memory data scrambling method |
US11169973B2 (en) * | 2019-08-23 | 2021-11-09 | International Business Machines Corporation | Atomically tracking transactions for auditability and security |
DE102019122806A1 (en) * | 2019-08-26 | 2021-03-04 | Infineon Technologies Ag | Cryptographic device |
US20210097184A1 (en) * | 2019-09-27 | 2021-04-01 | Advanced Micro Devices, Inc. | Secure buffer for bootloader |
US11768611B2 (en) | 2020-04-02 | 2023-09-26 | Axiado Corporation | Secure boot of a processing chip |
CN113704144A (en) * | 2020-05-22 | 2021-11-26 | 澜起科技股份有限公司 | Memory controller and method for controlling access to memory module |
US11868476B2 (en) * | 2020-06-02 | 2024-01-09 | Hypori, Inc. | Boot-specific key access in a virtual device platform |
US11184159B1 (en) * | 2020-09-01 | 2021-11-23 | Slack Technologies, Inc. | Encryption key management for channels with multiple organizations |
CN112631720B (en) * | 2020-12-23 | 2023-05-23 | 海光信息技术股份有限公司 | Memory control method, medium and equipment |
WO2022157467A1 (en) * | 2021-01-19 | 2022-07-28 | Cirrus Logic International Semiconductor Limited | Integrated circuit with asymmetric access privileges |
US11809334B2 (en) * | 2021-01-19 | 2023-11-07 | Cirrus Logic Inc. | Integrated circuit with asymmetric access privileges |
US20230161875A1 (en) * | 2021-11-19 | 2023-05-25 | Nxp Usa, Inc. | Supply voltage proportionality monitoring in a system-on-chip (soc) |
US20230350820A1 (en) * | 2022-04-28 | 2023-11-02 | Infineon Technologies Ag | Systems and methods for concurrent logging and event capture |
US20230418590A1 (en) * | 2022-06-22 | 2023-12-28 | Hewlett-Packard Development Company, L.P. | Instruction updates |
Citations (109)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5131040A (en) | 1991-02-28 | 1992-07-14 | Motorola, Inc. | Method for backing up and erasing encryption keys |
US5249286A (en) | 1990-05-29 | 1993-09-28 | National Semiconductor Corporation | Selectively locking memory locations within a microprocessor's on-chip cache |
JPH0628885Y2 (en) | 1987-05-26 | 1994-08-03 | 松下電工株式会社 | Box |
US5469564A (en) | 1993-02-08 | 1995-11-21 | Samsung Electronics Co., Ltd. | Data storage device with enhanced data security |
JPH0869697A (en) | 1994-08-31 | 1996-03-12 | Hitachi Ltd | Semiconductor file storage |
US5600576A (en) | 1994-03-11 | 1997-02-04 | Northrop Grumman Corporation | Time stress measurement device |
WO1997045960A1 (en) | 1996-05-31 | 1997-12-04 | Försvarets Forskningsanstalt | Autocalibrating a/d converter and sensor device comprising such a converter |
US5825878A (en) | 1996-09-20 | 1998-10-20 | Vlsi Technology, Inc. | Secure memory management unit for microprocessor |
WO1999031665A1 (en) | 1997-12-15 | 1999-06-24 | Tellabs Research Limited | Memory addressing |
US5937063A (en) | 1996-09-30 | 1999-08-10 | Intel Corporation | Secure boot |
US5987557A (en) | 1997-06-19 | 1999-11-16 | Sun Microsystems, Inc. | Method and apparatus for implementing hardware protection domains in a system with no memory management unit (MMU) |
EP0987625A2 (en) | 1998-09-01 | 2000-03-22 | Texas Instruments Incorporated | Microprocessor with a plurality of functional units and cache levels |
US6078873A (en) | 1997-10-02 | 2000-06-20 | Cummins Engine Company, Inc. | Method and apparatus for real-time data stamping via datalink and volatile ECM timer/clock |
US6188603B1 (en) | 1997-09-29 | 2001-02-13 | Nec Corporation | Nonvolatile memory device |
US20010010086A1 (en) | 1997-09-11 | 2001-07-26 | Kunihiro Katayama | Semiconductor memory device having deterioration determining function |
US6424143B1 (en) | 1998-05-30 | 2002-07-23 | Micronas Gmbh | Process for monitoring the function of a sensor module and a sensor module to perform the process |
US6466048B1 (en) | 2001-05-23 | 2002-10-15 | Mosaid Technologies, Inc. | Method and apparatus for switchably selecting an integrated circuit operating mode |
US6553496B1 (en) | 1999-02-01 | 2003-04-22 | Koninklijke Philips Electronics N.V. | Integration of security modules on an integrated circuit |
US6553492B1 (en) | 1996-10-18 | 2003-04-22 | Toshiba Information Systems (Japan) Corporation | Client-server system, server access authentication method, memory medium stores server-access authentication programs, and issuance device which issues the memory medium contents |
US20030133574A1 (en) | 2002-01-16 | 2003-07-17 | Sun Microsystems, Inc. | Secure CPU and memory management unit with cryptographic extensions |
US20030140228A1 (en) | 2001-09-06 | 2003-07-24 | Binder Philip A. | Method and device for control by consumers over personal data |
US20030200453A1 (en) | 2002-04-18 | 2003-10-23 | International Business Machines Corporation | Control function with multiple security states for facilitating secure operation of an integrated system |
US20030200454A1 (en) | 2002-04-18 | 2003-10-23 | International Business Machines Corporation | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
US20040088333A1 (en) | 2002-01-25 | 2004-05-06 | David Sidman | Apparatus method and system for tracking information access |
US6745306B1 (en) * | 1999-07-29 | 2004-06-01 | Microsoft Corporation | Method and system for restricting the load of physical address translations of virtual addresses |
US20040148480A1 (en) | 2002-11-18 | 2004-07-29 | Arm Limited | Virtual to physical memory address mapping within a system having a secure domain and a non-secure domain |
US20040210764A1 (en) | 2003-04-18 | 2004-10-21 | Advanced Micro Devices, Inc. | Initialization of a computer system including a secure execution mode-capable processor |
US6836548B1 (en) | 1991-10-29 | 2004-12-28 | The Commonwealth Of Australia | Communications security and trusted path method and means |
US6835579B2 (en) | 2000-05-09 | 2004-12-28 | Xilinx, Inc | Method of monitoring internal voltage and controlling a parameter of an integrated circuit |
US6910094B1 (en) | 1997-10-08 | 2005-06-21 | Koninklijke Philips Electronics N.V. | Secure memory management unit which uses multiple cryptographic algorithms |
US20050144358A1 (en) | 2003-12-30 | 2005-06-30 | Conley Kevin M. | Management of non-volatile memory systems having large erase blocks |
CN1650183A (en) | 2002-04-30 | 2005-08-03 | 飞思卡尔半导体公司 | Method and apparatus for secure scan testing |
US6928551B1 (en) | 1999-10-29 | 2005-08-09 | Lockheed Martin Corporation | Method and apparatus for selectively denying access to encoded data |
US20060031685A1 (en) | 2004-08-04 | 2006-02-09 | Sherman Chen | System and method for secure code downloading |
US20060059373A1 (en) | 2004-09-10 | 2006-03-16 | International Business Machines Corporation | Integrated circuit chip for encryption and decryption using instructions supplied through a secure interface |
US20060090084A1 (en) | 2004-10-22 | 2006-04-27 | Mark Buer | Secure processing environment |
US7039816B2 (en) | 1999-09-02 | 2006-05-02 | Cryptography Research, Inc. | Using smartcards or other cryptographic modules for enabling connected devices to access encrypted audio and visual content |
US20060101241A1 (en) | 2004-10-14 | 2006-05-11 | International Business Machines Corporation | Instruction group formation and mechanism for SMT dispatch |
US7062615B2 (en) | 2003-08-29 | 2006-06-13 | Emulex Design & Manufacturing Corporation | Multi-channel memory access arbitration method and system |
US20060168212A1 (en) | 2002-12-20 | 2006-07-27 | Becrypt Limited | Security system and method |
US20060179324A1 (en) | 2005-02-07 | 2006-08-10 | Sony Computer Entertainment Inc. | Methods and apparatus for facilitating a secure session between a processor and an external device |
US20060179302A1 (en) | 2005-02-07 | 2006-08-10 | Sony Computer Entertainment Inc. | Methods and apparatus for providing a secure booting sequence in a processor |
US20060184791A1 (en) | 2005-02-14 | 2006-08-17 | Schain Mariano R | Encryption/decryption mechanism of network deployed executable image for secure boot of a device embedded in an un-trusted host |
US20060215437A1 (en) | 2005-03-28 | 2006-09-28 | Trika Sanjeev N | Recovering from memory imprints |
US20070067644A1 (en) | 2005-08-26 | 2007-03-22 | International Business Machines Corporation | Memory control unit implementing a rotating-key encryption algorithm |
US7218567B1 (en) | 2005-09-23 | 2007-05-15 | Xilinx, Inc. | Method and apparatus for the protection of sensitive data within an integrated circuit |
US20070136606A1 (en) | 2005-12-08 | 2007-06-14 | Makio Mizuno | Storage system with built-in encryption function |
US20070140477A1 (en) | 2005-12-16 | 2007-06-21 | Lsi Logic Corporation | Memory encryption for digital video |
US7237121B2 (en) | 2001-09-17 | 2007-06-26 | Texas Instruments Incorporated | Secure bootloader for securing digital devices |
US20070174909A1 (en) | 2005-02-18 | 2007-07-26 | Credant Technologies, Inc. | System and method for intelligence based security |
US20070192610A1 (en) | 2006-02-10 | 2007-08-16 | Chun Dexter T | Method and apparatus for securely booting from an external storage device |
US20070237325A1 (en) | 2006-02-01 | 2007-10-11 | Gershowitz Michael N | Method and apparatus to improve security of cryptographic systems |
US7299365B2 (en) | 2002-01-16 | 2007-11-20 | Microsoft Corporation | Secure video card methods and systems |
US20070283140A1 (en) | 2006-04-13 | 2007-12-06 | Stmicroelectronics (Research & Development) Limited | Multiple purpose integrated circuit |
US20080005586A1 (en) | 2006-06-27 | 2008-01-03 | Peter Munguia | Systems and techniques for datapath security in a system-on-a-chip device |
US20080010567A1 (en) | 2006-07-07 | 2008-01-10 | Arm Limited | Memory testing |
CN101120353A (en) | 2004-12-21 | 2008-02-06 | 桑迪士克股份有限公司 | Versatile content control with partitioning |
US20080072018A1 (en) | 2006-09-20 | 2008-03-20 | Le Hung Q | Data processing system, processor and method of data processing employing an improved instruction destination tag |
US7360073B1 (en) | 2003-05-15 | 2008-04-15 | Pointsec Mobile Technologies, Llc | Method and apparatus for providing a secure boot for a computer system |
US20080112405A1 (en) | 2006-11-01 | 2008-05-15 | Chris Cholas | Methods and apparatus for premises content distribution |
US20080162848A1 (en) | 2006-12-30 | 2008-07-03 | Hewlett-Packard Development Company, L.P. | Controlling access to a memory region |
US7398441B1 (en) | 2005-12-21 | 2008-07-08 | Rockwell Collins, Inc. | System and method for providing secure boundary scan interface access |
US20080165952A1 (en) | 2007-01-07 | 2008-07-10 | Michael Smith | Secure Booting A Computing Device |
JP2008192036A (en) | 2007-02-07 | 2008-08-21 | Renesas Technology Corp | Microcontroller |
US7423529B2 (en) | 2003-01-16 | 2008-09-09 | Obs, Inc. | Systems and methods for mobile security and monitoring |
US7424398B2 (en) | 2006-06-22 | 2008-09-09 | Lexmark International, Inc. | Boot validation system and method |
US7457960B2 (en) | 2004-11-30 | 2008-11-25 | Analog Devices, Inc. | Programmable processor supporting secure mode |
US20090055637A1 (en) | 2007-08-24 | 2009-02-26 | Ingemar Holm | Secure power-on reset engine |
US7525836B2 (en) | 2005-12-16 | 2009-04-28 | Maxim Integrated Products, Inc. | Non-imprinting memory with high speed erase |
US20090138699A1 (en) | 2007-09-28 | 2009-05-28 | Shingo Miyazaki | Software module management device and program |
US20090150546A1 (en) | 2002-09-11 | 2009-06-11 | Guardian Data Storage, Llc | Protecting Encrypted Files Transmitted over a Network |
US20090154705A1 (en) | 2007-12-13 | 2009-06-18 | Price Iii William F | Apparatus and Method for Facilitating Cryptographic Key Management Services |
US20090172496A1 (en) | 2007-12-28 | 2009-07-02 | Texas Instruments Incorporated | Technique for memory imprint reliability improvement |
US7568112B2 (en) | 2003-01-21 | 2009-07-28 | Kabushiki Kaisha Toshiba | Data access control method for tamper resistant microprocessor using cache memory |
US20090196418A1 (en) | 2008-02-04 | 2009-08-06 | Freescale Semiconductor, Inc. | Encryption Apparatus with Diverse Key Retention Schemes |
US20090259854A1 (en) | 2008-04-10 | 2009-10-15 | Nvidia Corporation | Method and system for implementing a secure chain of trust |
US20090262940A1 (en) | 2008-02-29 | 2009-10-22 | Min-Soo Lim | Memory controller and memory device including the memory controller |
US20090292732A1 (en) | 2008-05-26 | 2009-11-26 | Microsoft Corporation | Similarity-based content sampling and relevance feedback |
US20090290712A1 (en) | 2008-05-24 | 2009-11-26 | Via Technologies, Inc | On-die cryptographic apparatus in a secure microprocessor |
US20090293130A1 (en) | 2008-05-24 | 2009-11-26 | Via Technologies, Inc | Microprocessor having a secure execution mode with provisions for monitoring, indicating, and managing security levels |
US20090328201A1 (en) | 2008-06-30 | 2009-12-31 | Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd. | Password input device, computer security system using the same and method thereof |
US7657760B2 (en) | 2000-12-28 | 2010-02-02 | Kabushiki Kaisha Toshiba | Method for sharing encrypted data region among processes in tamper resistant processor |
US7667997B2 (en) | 2007-12-27 | 2010-02-23 | Texas Instruments Incorporated | Method to improve ferroelectronic memory performance and reliability |
US20100057960A1 (en) | 2008-08-26 | 2010-03-04 | Atmel Corporation | Secure information processing |
US20100064125A1 (en) | 2008-09-11 | 2010-03-11 | Mediatek Inc. | Programmable device and booting method |
US7681024B2 (en) | 2004-12-09 | 2010-03-16 | Samsung Electronics Co., Ltd. | Secure booting apparatus and method |
US20100088739A1 (en) | 2008-10-06 | 2010-04-08 | International Business Machines Corporation | Hardware Based Mandatory Access Control |
US7729156B2 (en) | 2007-12-26 | 2010-06-01 | Texas Instruments Incorporated | Cycling to mitigate imprint in ferroelectric memories |
US7733250B1 (en) | 2006-11-17 | 2010-06-08 | Zilog, Inc. | Microcontroller having in-situ autocalibrated integrating analog-to-digital converter (IADC) |
US7757098B2 (en) | 2006-06-27 | 2010-07-13 | Intel Corporation | Method and apparatus for verifying authenticity of initial boot code |
US7761904B2 (en) | 2002-09-30 | 2010-07-20 | Harris Corporation | Removable cryptographic ignition key system and method |
US7774619B2 (en) | 2004-11-17 | 2010-08-10 | Broadcom Corporation | Secure code execution using external memory |
US7793067B2 (en) * | 2005-08-12 | 2010-09-07 | Globalfoundries Inc. | Translation data prefetch in an IOMMU |
US20100268942A1 (en) | 2009-04-15 | 2010-10-21 | Secuware | Systems and Methods for Using Cryptographic Keys |
US7844835B2 (en) | 1995-02-13 | 2010-11-30 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US20100312940A1 (en) | 2009-06-03 | 2010-12-09 | Nec Electronics Corporation | Dma transfer control device |
US20110012709A1 (en) | 2009-07-14 | 2011-01-20 | Compx International Inc. | Method and system for data control in electronic locks |
US20110026831A1 (en) | 2009-07-30 | 2011-02-03 | Xerox Corporation | Compact signature for unordered vector sets with application to image retrieval |
US20110095776A1 (en) | 2009-10-27 | 2011-04-28 | Sony Computer Entertainment Inc. | Electronic component and inspection system |
US20110116635A1 (en) | 2009-11-16 | 2011-05-19 | Hagai Bar-El | Methods circuits devices and systems for provisioning of cryptographic data to one or more electronic devices |
US7949912B1 (en) | 2009-01-15 | 2011-05-24 | Xilinx, Inc. | System and method of securing data stored in a memory |
US7954153B2 (en) | 2005-04-05 | 2011-05-31 | Stmicroelectronics Sa | Secured coprocessor comprising an event detection circuit |
US20110154501A1 (en) | 2009-12-23 | 2011-06-23 | Banginwar Rajesh P | Hardware attestation techniques |
US8027927B2 (en) | 1999-10-18 | 2011-09-27 | Stamps.Com | Cryptographic module for secure processing of value-bearing items |
CN101995301B (en) | 2009-08-20 | 2012-08-01 | 上海华虹Nec电子有限公司 | Temperature detection circuit of integrated circuit and calibration method thereof |
US20120224691A1 (en) | 2011-03-04 | 2012-09-06 | Purohit Vinay D | System and method providing resilient data transmission via spectral fragments |
US20130305380A1 (en) | 2012-05-14 | 2013-11-14 | Thomson Licensing | Methods and devices for 3d object protection using surface subdivision |
US20140115698A1 (en) * | 2004-12-21 | 2014-04-24 | Sandisk Technologies Inc. | Method for Versatile Content Control with Partitioning |
US20140358949A1 (en) | 2013-05-29 | 2014-12-04 | Fujitsu Limited | Database controller, method, and program for handling range queries |
Family Cites Families (87)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3183498A (en) | 1961-10-02 | 1965-05-11 | Itt | Line-monitor circuit |
US4424561A (en) | 1980-12-31 | 1984-01-03 | Honeywell Information Systems Inc. | Odd/even bank structure for a cache memory |
JPH0628885B2 (en) | 1986-12-19 | 1994-04-20 | 松下電器産業株式会社 | Injection molding machine |
AU601784B2 (en) | 1986-12-18 | 1990-09-20 | Honeywell Bull Inc. | Data processing system having a bus command generated by one subsystem on behalf of another subsystem |
US5214760A (en) | 1988-08-26 | 1993-05-25 | Tektronix, Inc. | Adaptable multiple port data buffer |
US5497497A (en) | 1989-11-03 | 1996-03-05 | Compaq Computer Corp. | Method and apparatus for resetting multiple processors using a common ROM |
US5872967A (en) | 1989-12-29 | 1999-02-16 | Packard Bell Nec | Method for warm boot from reset |
US5389738A (en) | 1992-05-04 | 1995-02-14 | Motorola, Inc. | Tamperproof arrangement for an integrated circuit device |
JPH0628885A (en) * | 1992-06-23 | 1994-02-04 | Takayama:Kk | Memory device |
US5450082A (en) | 1993-11-29 | 1995-09-12 | Caterpillar Inc. | Single multi-purpose input for different types of sensors with data edge conditioning circuit or ADC to provide digital output |
JP2697621B2 (en) | 1994-07-29 | 1998-01-14 | 日本電気株式会社 | Signal cycle detection circuit and signal loss monitoring circuit |
US5956377A (en) | 1996-05-31 | 1999-09-21 | Vtech Communications, Ltd. | Method and apparatus for synchronizing frames within a continuous stream of digital data |
US5682328A (en) | 1996-09-11 | 1997-10-28 | Bbn Corporation | Centralized computer event data logging system |
US6377691B1 (en) | 1996-12-09 | 2002-04-23 | Microsoft Corporation | Challenge-response authentication and key exchange for a connectionless security protocol |
US7580919B1 (en) | 1997-03-10 | 2009-08-25 | Sonicwall, Inc. | Query interface to policy server |
JPH10333898A (en) * | 1997-05-29 | 1998-12-18 | Nec Corp | Microcomputer |
US6161180A (en) * | 1997-08-29 | 2000-12-12 | International Business Machines Corporation | Authentication for secure devices with limited cryptography |
US6378072B1 (en) * | 1998-02-03 | 2002-04-23 | Compaq Computer Corporation | Cryptographic system |
US6292898B1 (en) | 1998-02-04 | 2001-09-18 | Spyrus, Inc. | Active erasure of electronically stored data upon tamper detection |
US6463535B1 (en) * | 1998-10-05 | 2002-10-08 | Intel Corporation | System and method for verifying the integrity and authorization of software before execution in a local platform |
US6625727B1 (en) | 1999-11-23 | 2003-09-23 | Motorola, Inc. | Apparatus and method for configuring a data processing system by retrieving a configuration value from storage device using reset vector and configuring parameters after reset |
US6704865B1 (en) | 1999-12-23 | 2004-03-09 | Delphi Technologies, Inc. | Microprocessor conditional deterministic reset vector method |
US6789182B1 (en) | 2000-11-13 | 2004-09-07 | Kevin Jay Brothers | System and method for logging computer event data and physical components of a complex distributed system |
US6938164B1 (en) | 2000-11-22 | 2005-08-30 | Microsoft Corporation | Method and system for allowing code to be securely initialized in a computer |
US6859876B2 (en) | 2000-12-29 | 2005-02-22 | Hewlett-Packard Development Company, L.P. | System and method for detecting and using a replacement boot block during initialization by an original boot block |
GB2372597B (en) | 2001-02-27 | 2005-08-10 | Hewlett Packard Co | Device and method for data timestamping |
JP2002269065A (en) | 2001-03-08 | 2002-09-20 | Mitsubishi Electric Corp | Microcomputer with incorporated programmable nonvolatile memory |
US7242766B1 (en) * | 2001-11-21 | 2007-07-10 | Silicon Image, Inc. | Method and system for encrypting and decrypting data using an external agent |
JP2003167649A (en) | 2001-11-28 | 2003-06-13 | Mitsubishi Electric Corp | Information processor |
JP2003240810A (en) | 2002-02-14 | 2003-08-27 | Mitsubishi Electric Corp | Break detection circuit |
US6724342B2 (en) | 2002-04-19 | 2004-04-20 | Sirf Technology, Inc. | Compensation for frequency adjustment in mobile communication-positioning device with shared oscillator |
US20040054859A1 (en) * | 2002-09-13 | 2004-03-18 | Chanson Lin | Mouse device capable of storing data |
AU2003278350A1 (en) | 2002-11-18 | 2004-06-15 | Arm Limited | Secure memory for protecting against malicious programs |
GB2396712B (en) | 2002-11-18 | 2005-12-07 | Advanced Risc Mach Ltd | Handling multiple interrupts in a data processing system utilising multiple operating systems |
FR2849233B1 (en) * | 2002-12-24 | 2005-05-20 | Trusted Logic | METHOD FOR SECURING COMPUTER SYSTEMS BY SOFTWARE CONFINEMENT |
KR20050101201A (en) * | 2003-02-11 | 2005-10-20 | 코닌클리즈케 필립스 일렉트로닉스 엔.브이. | Self zeroing for critical, continuous-time applications |
JP4082261B2 (en) | 2003-03-31 | 2008-04-30 | 株式会社デンソー | Disconnection detection circuit for sensor device |
JP2004326671A (en) * | 2003-04-28 | 2004-11-18 | National Institute Of Advanced Industrial & Technology | Remote calibration system for metering instrument and remote calibration method for metering instrument |
US20040267847A1 (en) * | 2003-05-13 | 2004-12-30 | Bsi2000, Inc. | Hardware random-number generator |
WO2005003938A1 (en) | 2003-07-04 | 2005-01-13 | Nokia Corporation | Key storage administration |
CN101241735B (en) | 2003-07-07 | 2012-07-18 | 罗威所罗生股份有限公司 | Method for replaying encrypted video and audio content |
US20050091554A1 (en) | 2003-08-07 | 2005-04-28 | Dmitrii Loukianov | Event time-stamping |
KR101044937B1 (en) * | 2003-12-01 | 2011-06-28 | 삼성전자주식회사 | Home network system and method thereof |
US7299347B1 (en) * | 2004-04-02 | 2007-11-20 | Super Talent Electronics, Inc. | Boot management in computer systems assisted by an endpoint with PCI-XP or USB-V2 interface |
DE102004024002B4 (en) | 2004-05-14 | 2008-05-21 | Aim Infrarot-Module Gmbh | Method for authenticating sensor data and associated sensor |
US7222053B2 (en) | 2004-07-12 | 2007-05-22 | Mack Trucks, Inc. | Event-driven portable data bus message logger |
US8656185B2 (en) | 2004-07-30 | 2014-02-18 | Safenet, Inc. | High-assurance processor active memory content protection |
US20060095726A1 (en) | 2004-08-31 | 2006-05-04 | Ivivity, Inc. | Independent hardware based code locator |
US20060059368A1 (en) * | 2004-09-10 | 2006-03-16 | International Business Machines Corporation | System and method for processing by distinct entities securely configurable circuit chips |
US7818574B2 (en) * | 2004-09-10 | 2010-10-19 | International Business Machines Corporation | System and method for providing dynamically authorized access to functionality present on an integrated circuit chip |
US8621597B1 (en) * | 2004-10-22 | 2013-12-31 | Xilinx, Inc. | Apparatus and method for automatic self-erasing of programmable logic devices |
US7725703B2 (en) * | 2005-01-07 | 2010-05-25 | Microsoft Corporation | Systems and methods for securely booting a computer with a trusted processing module |
US8276185B2 (en) | 2005-01-19 | 2012-09-25 | Micron Technology, Inc. | Enhanced security memory access method and architecture |
US7321314B2 (en) | 2005-03-09 | 2008-01-22 | Intel Corporation | Device, system and method of detection of input unit disconnection |
US7571475B2 (en) * | 2005-04-05 | 2009-08-04 | Cisco Technology, Inc. | Method and electronic device for triggering zeroization in an electronic device |
US7336212B2 (en) * | 2005-05-02 | 2008-02-26 | Ati Technologies Inc. | Apparatus and methods for measurement of analog voltages in an integrated circuit |
US7549064B2 (en) | 2005-05-10 | 2009-06-16 | Hewlett-Packard Development Company, L.P. | Secure circuit assembly |
DE602005011967D1 (en) | 2005-09-09 | 2009-02-05 | Infineon Technologies Ag | JTAG port |
US7496727B1 (en) | 2005-12-06 | 2009-02-24 | Transmeta Corporation | Secure memory access system and method |
US7657754B2 (en) * | 2005-12-08 | 2010-02-02 | Agere Systems Inc | Methods and apparatus for the secure handling of data in a microcontroller |
US7792302B2 (en) | 2006-02-01 | 2010-09-07 | Dolby Laboratories Licensing Corporation | Securely coupling an FPGA to a security IC |
US7512719B1 (en) | 2006-03-16 | 2009-03-31 | American Megatrends, Inc. | Sharing a dynamically located memory block between components executing in different processor modes in an extensible firmware interface environment |
US8060744B2 (en) * | 2006-03-23 | 2011-11-15 | Harris Corporation | Computer architecture for an electronic device providing single-level secure access to multi-level secure file system |
US20070288740A1 (en) | 2006-06-09 | 2007-12-13 | Dale Jason N | System and method for secure boot across a plurality of processors |
US7886355B2 (en) * | 2006-06-30 | 2011-02-08 | Motorola Mobility, Inc. | Subsidy lock enabled handset device with asymmetric verification unlocking control and method thereof |
US8725974B2 (en) | 2007-01-17 | 2014-05-13 | Oracle America, Inc. | Page-protection based memory access barrier traps |
US8615665B2 (en) | 2007-01-26 | 2013-12-24 | Harris Corporation | Method for providing high assurance integrity of installed software images in a software defined radio |
US8151118B2 (en) * | 2007-01-29 | 2012-04-03 | Microsoft Corporation | Master-slave security devices |
JP4933946B2 (en) | 2007-04-18 | 2012-05-16 | 株式会社日立製作所 | External storage device and information leakage prevention method |
JP5007867B2 (en) | 2007-05-11 | 2012-08-22 | ナグラスター エル.エル.シー. | Apparatus for controlling processor execution in a secure environment |
JP2008310270A (en) * | 2007-06-18 | 2008-12-25 | Panasonic Corp | Cryptographic equipment and cryptography operation method |
US20090031135A1 (en) | 2007-07-27 | 2009-01-29 | Raghunathan Kothandaraman | Tamper Proof Seal For An Electronic Document |
US7937596B2 (en) | 2007-08-30 | 2011-05-03 | Harris Corporation | Adaptable microcontroller based security monitor |
US8082439B2 (en) | 2007-12-06 | 2011-12-20 | Hewlett-Packard Development Company, L.P. | Firmware modification in a computer system environment supporting operational state changes |
DE102008021567B4 (en) * | 2008-04-30 | 2018-03-22 | Globalfoundries Inc. | Computer system with secure boot mechanism based on symmetric key encryption |
US8484486B2 (en) * | 2008-08-06 | 2013-07-09 | Silver Spring Networks, Inc. | Integrated cryptographic security module for a network node |
US8452984B2 (en) * | 2008-08-28 | 2013-05-28 | Alcatel Lucent | Message authentication code pre-computation with applications to secure memory |
US8732445B2 (en) * | 2008-10-10 | 2014-05-20 | Panasonic Corporation | Information processing device, information processing method, information processing program, and integrated circuit |
CN101478538B (en) | 2008-12-31 | 2012-06-06 | 成都市华为赛门铁克科技有限公司 | Storage method, apparatus or system for safety management device |
JP5440613B2 (en) | 2009-12-28 | 2014-03-12 | 富士通株式会社 | Power supply control device and power supply control method |
WO2011130211A1 (en) * | 2010-04-12 | 2011-10-20 | Interdigital Patent Holdings, Inc. | Staged control release in boot process |
US20120185636A1 (en) * | 2010-08-04 | 2012-07-19 | Isc8, Inc. | Tamper-Resistant Memory Device With Variable Data Transmission Rate |
US8667244B2 (en) | 2011-03-21 | 2014-03-04 | Hewlett-Packard Development Company, L.P. | Methods, systems, and apparatus to prevent memory imprinting |
US20140149729A1 (en) | 2011-07-18 | 2014-05-29 | Ted A. Hadley | Reset vectors for boot instructions |
US8527675B2 (en) | 2011-07-27 | 2013-09-03 | Raytheon Company | System and method for implementing a secure processor data bus |
WO2013016643A2 (en) | 2011-07-28 | 2013-01-31 | Integrated Technology Corporation | Damage reduction method and apparatus for destructive testing of power semiconductors |
US8572410B1 (en) * | 2012-07-18 | 2013-10-29 | Freescale Semiconductor, Inc. | Virtualized protected storage |
-
2011
- 2011-12-15 US US14/233,310 patent/US20140149729A1/en not_active Abandoned
- 2011-12-15 US US14/233,321 patent/US9465755B2/en active Active
- 2011-12-15 WO PCT/US2011/065081 patent/WO2013012436A1/en active Application Filing
- 2011-12-15 WO PCT/US2011/065066 patent/WO2013012435A1/en active Application Filing
- 2011-12-22 US US14/232,217 patent/US20140164793A1/en not_active Abandoned
- 2011-12-22 WO PCT/US2011/066750 patent/WO2013012437A1/en active Application Filing
- 2011-12-22 CN CN201180072367.9A patent/CN103688269A/en active Pending
- 2011-12-22 EP EP11869688.9A patent/EP2734951A4/en not_active Withdrawn
-
2012
- 2012-01-06 WO PCT/US2012/020528 patent/WO2012177295A1/en active Application Filing
- 2012-01-06 US US14/232,229 patent/US20140140512A1/en not_active Abandoned
- 2012-01-20 US US13/355,315 patent/US8930154B2/en active Active
- 2012-01-31 US US14/232,224 patent/US9483422B2/en active Active
- 2012-01-31 CN CN201280035799.7A patent/CN103890852A/en active Pending
- 2012-01-31 WO PCT/US2012/023385 patent/WO2013012444A1/en active Application Filing
- 2012-01-31 EP EP12814537.2A patent/EP2735000A4/en not_active Withdrawn
- 2012-02-03 WO PCT/US2012/023794 patent/WO2013012447A1/en active Application Filing
- 2012-02-03 US US14/131,291 patent/US20140223113A1/en not_active Abandoned
- 2012-02-08 CN CN201280035506.5A patent/CN103733204A/en active Pending
- 2012-02-08 US US14/130,871 patent/US9418026B2/en not_active Expired - Fee Related
- 2012-02-08 EP EP12814434.2A patent/EP2734903B1/en not_active Not-in-force
- 2012-02-08 WO PCT/US2012/024367 patent/WO2013012449A1/en active Application Filing
- 2012-02-29 US US13/407,845 patent/US9015516B2/en active Active
- 2012-03-30 US US14/233,334 patent/US9418027B2/en not_active Expired - Fee Related
- 2012-03-30 WO PCT/US2012/031542 patent/WO2013012461A1/en active Application Filing
- 2012-04-25 US US13/455,867 patent/US20130024153A1/en not_active Abandoned
- 2012-04-30 US US13/459,523 patent/US20130024637A1/en not_active Abandoned
Patent Citations (111)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0628885Y2 (en) | 1987-05-26 | 1994-08-03 | 松下電工株式会社 | Box |
US5249286A (en) | 1990-05-29 | 1993-09-28 | National Semiconductor Corporation | Selectively locking memory locations within a microprocessor's on-chip cache |
US5131040A (en) | 1991-02-28 | 1992-07-14 | Motorola, Inc. | Method for backing up and erasing encryption keys |
US6836548B1 (en) | 1991-10-29 | 2004-12-28 | The Commonwealth Of Australia | Communications security and trusted path method and means |
US5469564A (en) | 1993-02-08 | 1995-11-21 | Samsung Electronics Co., Ltd. | Data storage device with enhanced data security |
US5600576A (en) | 1994-03-11 | 1997-02-04 | Northrop Grumman Corporation | Time stress measurement device |
JPH0869697A (en) | 1994-08-31 | 1996-03-12 | Hitachi Ltd | Semiconductor file storage |
US7844835B2 (en) | 1995-02-13 | 2010-11-30 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
WO1997045960A1 (en) | 1996-05-31 | 1997-12-04 | Försvarets Forskningsanstalt | Autocalibrating a/d converter and sensor device comprising such a converter |
US5825878A (en) | 1996-09-20 | 1998-10-20 | Vlsi Technology, Inc. | Secure memory management unit for microprocessor |
US5937063A (en) | 1996-09-30 | 1999-08-10 | Intel Corporation | Secure boot |
US6553492B1 (en) | 1996-10-18 | 2003-04-22 | Toshiba Information Systems (Japan) Corporation | Client-server system, server access authentication method, memory medium stores server-access authentication programs, and issuance device which issues the memory medium contents |
US5987557A (en) | 1997-06-19 | 1999-11-16 | Sun Microsystems, Inc. | Method and apparatus for implementing hardware protection domains in a system with no memory management unit (MMU) |
US20010010086A1 (en) | 1997-09-11 | 2001-07-26 | Kunihiro Katayama | Semiconductor memory device having deterioration determining function |
US6188603B1 (en) | 1997-09-29 | 2001-02-13 | Nec Corporation | Nonvolatile memory device |
US6078873A (en) | 1997-10-02 | 2000-06-20 | Cummins Engine Company, Inc. | Method and apparatus for real-time data stamping via datalink and volatile ECM timer/clock |
US6910094B1 (en) | 1997-10-08 | 2005-06-21 | Koninklijke Philips Electronics N.V. | Secure memory management unit which uses multiple cryptographic algorithms |
WO1999031665A1 (en) | 1997-12-15 | 1999-06-24 | Tellabs Research Limited | Memory addressing |
US6424143B1 (en) | 1998-05-30 | 2002-07-23 | Micronas Gmbh | Process for monitoring the function of a sensor module and a sensor module to perform the process |
EP0987625A2 (en) | 1998-09-01 | 2000-03-22 | Texas Instruments Incorporated | Microprocessor with a plurality of functional units and cache levels |
US6553496B1 (en) | 1999-02-01 | 2003-04-22 | Koninklijke Philips Electronics N.V. | Integration of security modules on an integrated circuit |
US6745306B1 (en) * | 1999-07-29 | 2004-06-01 | Microsoft Corporation | Method and system for restricting the load of physical address translations of virtual addresses |
US7039816B2 (en) | 1999-09-02 | 2006-05-02 | Cryptography Research, Inc. | Using smartcards or other cryptographic modules for enabling connected devices to access encrypted audio and visual content |
US8027927B2 (en) | 1999-10-18 | 2011-09-27 | Stamps.Com | Cryptographic module for secure processing of value-bearing items |
US6928551B1 (en) | 1999-10-29 | 2005-08-09 | Lockheed Martin Corporation | Method and apparatus for selectively denying access to encoded data |
US6835579B2 (en) | 2000-05-09 | 2004-12-28 | Xilinx, Inc | Method of monitoring internal voltage and controlling a parameter of an integrated circuit |
US7657760B2 (en) | 2000-12-28 | 2010-02-02 | Kabushiki Kaisha Toshiba | Method for sharing encrypted data region among processes in tamper resistant processor |
US6466048B1 (en) | 2001-05-23 | 2002-10-15 | Mosaid Technologies, Inc. | Method and apparatus for switchably selecting an integrated circuit operating mode |
US20030140228A1 (en) | 2001-09-06 | 2003-07-24 | Binder Philip A. | Method and device for control by consumers over personal data |
US7237121B2 (en) | 2001-09-17 | 2007-06-26 | Texas Instruments Incorporated | Secure bootloader for securing digital devices |
US7299365B2 (en) | 2002-01-16 | 2007-11-20 | Microsoft Corporation | Secure video card methods and systems |
US7107459B2 (en) | 2002-01-16 | 2006-09-12 | Sun Microsystems, Inc. | Secure CPU and memory management unit with cryptographic extensions |
US20030133574A1 (en) | 2002-01-16 | 2003-07-17 | Sun Microsystems, Inc. | Secure CPU and memory management unit with cryptographic extensions |
US20040088333A1 (en) | 2002-01-25 | 2004-05-06 | David Sidman | Apparatus method and system for tracking information access |
US20030200453A1 (en) | 2002-04-18 | 2003-10-23 | International Business Machines Corporation | Control function with multiple security states for facilitating secure operation of an integrated system |
US20030200454A1 (en) | 2002-04-18 | 2003-10-23 | International Business Machines Corporation | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
CN1650183A (en) | 2002-04-30 | 2005-08-03 | 飞思卡尔半导体公司 | Method and apparatus for secure scan testing |
US20090150546A1 (en) | 2002-09-11 | 2009-06-11 | Guardian Data Storage, Llc | Protecting Encrypted Files Transmitted over a Network |
US7761904B2 (en) | 2002-09-30 | 2010-07-20 | Harris Corporation | Removable cryptographic ignition key system and method |
US20040148480A1 (en) | 2002-11-18 | 2004-07-29 | Arm Limited | Virtual to physical memory address mapping within a system having a secure domain and a non-secure domain |
US20060168212A1 (en) | 2002-12-20 | 2006-07-27 | Becrypt Limited | Security system and method |
US7423529B2 (en) | 2003-01-16 | 2008-09-09 | Obs, Inc. | Systems and methods for mobile security and monitoring |
US7568112B2 (en) | 2003-01-21 | 2009-07-28 | Kabushiki Kaisha Toshiba | Data access control method for tamper resistant microprocessor using cache memory |
US20040210764A1 (en) | 2003-04-18 | 2004-10-21 | Advanced Micro Devices, Inc. | Initialization of a computer system including a secure execution mode-capable processor |
US7360073B1 (en) | 2003-05-15 | 2008-04-15 | Pointsec Mobile Technologies, Llc | Method and apparatus for providing a secure boot for a computer system |
US7062615B2 (en) | 2003-08-29 | 2006-06-13 | Emulex Design & Manufacturing Corporation | Multi-channel memory access arbitration method and system |
US20050144358A1 (en) | 2003-12-30 | 2005-06-30 | Conley Kevin M. | Management of non-volatile memory systems having large erase blocks |
US20060031685A1 (en) | 2004-08-04 | 2006-02-09 | Sherman Chen | System and method for secure code downloading |
US20060059373A1 (en) | 2004-09-10 | 2006-03-16 | International Business Machines Corporation | Integrated circuit chip for encryption and decryption using instructions supplied through a secure interface |
US20060101241A1 (en) | 2004-10-14 | 2006-05-11 | International Business Machines Corporation | Instruction group formation and mechanism for SMT dispatch |
US20060090084A1 (en) | 2004-10-22 | 2006-04-27 | Mark Buer | Secure processing environment |
US7774619B2 (en) | 2004-11-17 | 2010-08-10 | Broadcom Corporation | Secure code execution using external memory |
US7457960B2 (en) | 2004-11-30 | 2008-11-25 | Analog Devices, Inc. | Programmable processor supporting secure mode |
US7681024B2 (en) | 2004-12-09 | 2010-03-16 | Samsung Electronics Co., Ltd. | Secure booting apparatus and method |
CN101120353A (en) | 2004-12-21 | 2008-02-06 | 桑迪士克股份有限公司 | Versatile content control with partitioning |
US20140115698A1 (en) * | 2004-12-21 | 2014-04-24 | Sandisk Technologies Inc. | Method for Versatile Content Control with Partitioning |
US7831839B2 (en) | 2005-02-07 | 2010-11-09 | Sony Computer Entertainment Inc. | Methods and apparatus for providing a secure booting sequence in a processor |
US20060179324A1 (en) | 2005-02-07 | 2006-08-10 | Sony Computer Entertainment Inc. | Methods and apparatus for facilitating a secure session between a processor and an external device |
US20060179302A1 (en) | 2005-02-07 | 2006-08-10 | Sony Computer Entertainment Inc. | Methods and apparatus for providing a secure booting sequence in a processor |
US20060184791A1 (en) | 2005-02-14 | 2006-08-17 | Schain Mariano R | Encryption/decryption mechanism of network deployed executable image for secure boot of a device embedded in an un-trusted host |
US20070174909A1 (en) | 2005-02-18 | 2007-07-26 | Credant Technologies, Inc. | System and method for intelligence based security |
US20060215437A1 (en) | 2005-03-28 | 2006-09-28 | Trika Sanjeev N | Recovering from memory imprints |
US7954153B2 (en) | 2005-04-05 | 2011-05-31 | Stmicroelectronics Sa | Secured coprocessor comprising an event detection circuit |
US7793067B2 (en) * | 2005-08-12 | 2010-09-07 | Globalfoundries Inc. | Translation data prefetch in an IOMMU |
US20070067644A1 (en) | 2005-08-26 | 2007-03-22 | International Business Machines Corporation | Memory control unit implementing a rotating-key encryption algorithm |
US7218567B1 (en) | 2005-09-23 | 2007-05-15 | Xilinx, Inc. | Method and apparatus for the protection of sensitive data within an integrated circuit |
US20070136606A1 (en) | 2005-12-08 | 2007-06-14 | Makio Mizuno | Storage system with built-in encryption function |
US7525836B2 (en) | 2005-12-16 | 2009-04-28 | Maxim Integrated Products, Inc. | Non-imprinting memory with high speed erase |
US20070140477A1 (en) | 2005-12-16 | 2007-06-21 | Lsi Logic Corporation | Memory encryption for digital video |
US7398441B1 (en) | 2005-12-21 | 2008-07-08 | Rockwell Collins, Inc. | System and method for providing secure boundary scan interface access |
US20070237325A1 (en) | 2006-02-01 | 2007-10-11 | Gershowitz Michael N | Method and apparatus to improve security of cryptographic systems |
US20070192610A1 (en) | 2006-02-10 | 2007-08-16 | Chun Dexter T | Method and apparatus for securely booting from an external storage device |
US20070283140A1 (en) | 2006-04-13 | 2007-12-06 | Stmicroelectronics (Research & Development) Limited | Multiple purpose integrated circuit |
US7424398B2 (en) | 2006-06-22 | 2008-09-09 | Lexmark International, Inc. | Boot validation system and method |
US20080005586A1 (en) | 2006-06-27 | 2008-01-03 | Peter Munguia | Systems and techniques for datapath security in a system-on-a-chip device |
US7757098B2 (en) | 2006-06-27 | 2010-07-13 | Intel Corporation | Method and apparatus for verifying authenticity of initial boot code |
US20080010567A1 (en) | 2006-07-07 | 2008-01-10 | Arm Limited | Memory testing |
US20080072018A1 (en) | 2006-09-20 | 2008-03-20 | Le Hung Q | Data processing system, processor and method of data processing employing an improved instruction destination tag |
US20080112405A1 (en) | 2006-11-01 | 2008-05-15 | Chris Cholas | Methods and apparatus for premises content distribution |
US7733250B1 (en) | 2006-11-17 | 2010-06-08 | Zilog, Inc. | Microcontroller having in-situ autocalibrated integrating analog-to-digital converter (IADC) |
US20080162848A1 (en) | 2006-12-30 | 2008-07-03 | Hewlett-Packard Development Company, L.P. | Controlling access to a memory region |
US20080165952A1 (en) | 2007-01-07 | 2008-07-10 | Michael Smith | Secure Booting A Computing Device |
JP2008192036A (en) | 2007-02-07 | 2008-08-21 | Renesas Technology Corp | Microcontroller |
US20090055637A1 (en) | 2007-08-24 | 2009-02-26 | Ingemar Holm | Secure power-on reset engine |
US20090138699A1 (en) | 2007-09-28 | 2009-05-28 | Shingo Miyazaki | Software module management device and program |
US20090154705A1 (en) | 2007-12-13 | 2009-06-18 | Price Iii William F | Apparatus and Method for Facilitating Cryptographic Key Management Services |
US7729156B2 (en) | 2007-12-26 | 2010-06-01 | Texas Instruments Incorporated | Cycling to mitigate imprint in ferroelectric memories |
US7667997B2 (en) | 2007-12-27 | 2010-02-23 | Texas Instruments Incorporated | Method to improve ferroelectronic memory performance and reliability |
US20090172496A1 (en) | 2007-12-28 | 2009-07-02 | Texas Instruments Incorporated | Technique for memory imprint reliability improvement |
US20090196418A1 (en) | 2008-02-04 | 2009-08-06 | Freescale Semiconductor, Inc. | Encryption Apparatus with Diverse Key Retention Schemes |
US20090262940A1 (en) | 2008-02-29 | 2009-10-22 | Min-Soo Lim | Memory controller and memory device including the memory controller |
US20090259854A1 (en) | 2008-04-10 | 2009-10-15 | Nvidia Corporation | Method and system for implementing a secure chain of trust |
US20090293130A1 (en) | 2008-05-24 | 2009-11-26 | Via Technologies, Inc | Microprocessor having a secure execution mode with provisions for monitoring, indicating, and managing security levels |
US20090290712A1 (en) | 2008-05-24 | 2009-11-26 | Via Technologies, Inc | On-die cryptographic apparatus in a secure microprocessor |
US20090292732A1 (en) | 2008-05-26 | 2009-11-26 | Microsoft Corporation | Similarity-based content sampling and relevance feedback |
US20090328201A1 (en) | 2008-06-30 | 2009-12-31 | Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd. | Password input device, computer security system using the same and method thereof |
US20100057960A1 (en) | 2008-08-26 | 2010-03-04 | Atmel Corporation | Secure information processing |
US20100064125A1 (en) | 2008-09-11 | 2010-03-11 | Mediatek Inc. | Programmable device and booting method |
US20100088739A1 (en) | 2008-10-06 | 2010-04-08 | International Business Machines Corporation | Hardware Based Mandatory Access Control |
US7949912B1 (en) | 2009-01-15 | 2011-05-24 | Xilinx, Inc. | System and method of securing data stored in a memory |
US20100268942A1 (en) | 2009-04-15 | 2010-10-21 | Secuware | Systems and Methods for Using Cryptographic Keys |
US20100312940A1 (en) | 2009-06-03 | 2010-12-09 | Nec Electronics Corporation | Dma transfer control device |
US20110012709A1 (en) | 2009-07-14 | 2011-01-20 | Compx International Inc. | Method and system for data control in electronic locks |
US20110026831A1 (en) | 2009-07-30 | 2011-02-03 | Xerox Corporation | Compact signature for unordered vector sets with application to image retrieval |
CN101995301B (en) | 2009-08-20 | 2012-08-01 | 上海华虹Nec电子有限公司 | Temperature detection circuit of integrated circuit and calibration method thereof |
US20110095776A1 (en) | 2009-10-27 | 2011-04-28 | Sony Computer Entertainment Inc. | Electronic component and inspection system |
US20110116635A1 (en) | 2009-11-16 | 2011-05-19 | Hagai Bar-El | Methods circuits devices and systems for provisioning of cryptographic data to one or more electronic devices |
US20110154501A1 (en) | 2009-12-23 | 2011-06-23 | Banginwar Rajesh P | Hardware attestation techniques |
US20120224691A1 (en) | 2011-03-04 | 2012-09-06 | Purohit Vinay D | System and method providing resilient data transmission via spectral fragments |
US20130305380A1 (en) | 2012-05-14 | 2013-11-14 | Thomson Licensing | Methods and devices for 3d object protection using surface subdivision |
US20140358949A1 (en) | 2013-05-29 | 2014-12-04 | Fujitsu Limited | Database controller, method, and program for handling range queries |
Non-Patent Citations (24)
Title |
---|
"ARM Security Technology Building a Secure System Using TrustZone® Technology", < http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C-trustzone-security-whitepaper.pdf > Issue: C, 2009. |
Anderson, R. et al., "Cryptographic Processors-A Survey," Proceedings of the IEEE, vol. 94, No. 2, Feb. 2006, pp. 357-369. |
Bialas; "Intelligent Sensors Security", Sensors, Institute of Innovative Technologies EMAG, 40-189 Katowice, ul. Leopolda 31, Poland, ISSN 1424-8220, Jan. 22, 2010. . |
Bialas; "Intelligent Sensors Security", Sensors, Institute of Innovative Technologies EMAG, 40-189 Katowice, ul. Leopolda 31, Poland, ISSN 1424-8220, Jan. 22, 2010. <www.mdpi.com/journal/sensors>. |
Datta et al.; "Calibration of On-Chip Thermal Sensors using Process Monitoring Circuits", University of Massachusetts, Amherst, MA USA, IEEE 978-1-4244-6455-5/10, 2010. |
Extended European Search Report, Feb. 5, 2015, European Patent Application No. 12814537.2, 6 pages. |
Fields, et al; "Cryptographic Key Protection Module in Hardware for the Need2know System", < http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1594225 > On pp. 814-817; vol. 1, Aug. 7-10, 2005. |
Fields, et al; "Cryptographic Key Protection Module in Hardware for the Need2know System", On pp. 814-817; vol. 1, Aug. 7-10, 2005. |
Gilmont, et al; "An Architecture of Security Management Unit for Safe Hosting of Multiple Agents", < http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.21.3663 > On pp. 79-82, 1998. |
Gilmont, et al; "An Architecture of Security Management Unit for Safe Hosting of Multiple Agents", On pp. 79-82, 1998. |
International Search Report and Written Opinion received in PCT Application No. PCT/US2011/065081, mailed Jul. 25, 2012, 9 pgs. |
International Search Report and Written Opinion received in PCT Application No. PCT/US2011/066750, mailed on Sep. 20, 2012. 10 pgs. |
International Search Report and Written Opinion received in PCT Application No. PCT/US2012/020528, mailed Aug. 22, 2012, 9 pgs. |
International Search Report and Written Opinion received in PCT Application No. PCT/US2012/023385, mailed May 22, 2012, 10 pgs. |
International Search Report and Written Opinion received in PCT Application No. PCT/US2012/023794, mailed Sep. 24, 2012, 9 pgs. |
International Search Report and Written Opinion received in PCT Application No. PCT/US2012/024367, mailed Jul. 16, 2012, 10 pgs. |
International Search Report and Written Opinion received in PCT Application No. PCT/US2012/031542, mailed Sep. 27, 2012, 9 pgs. |
International Search Report and Written Opinion received in PCT Application No. PCT/US2012/065066, mailed Jul. 16, 2012, 9 pgs. |
Sun Microsystems, "Sun Cryptographic Accelerator 4000", Firmware Version 1.1, FIPS 140-2 Non-Proprietary, Security Policy, Level 3 Validation, Aug. 6, 2004, pp. 1-20, . |
Sun Microsystems, "Sun Cryptographic Accelerator 4000", Firmware Version 1.1, FIPS 140-2 Non-Proprietary, Security Policy, Level 3 Validation, Aug. 6, 2004, pp. 1-20, <oracle.com/technetwork/topics/security/140sp457-160924.pdf>. |
Supplementary Partial European Search Report, European Patent Application No. 12814434.2, Jan. 28, 2016, 10 pages. |
Yang, et al; "Improving Memory Encryption Performance in Secure Processors", <http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1407851 > On pp. 630-640; vol. 54; Issue: 5, May 2005. |
Yang, et al; "Improving Memory Encryption Performance in Secure Processors", On pp. 630-640; vol. 54; Issue: 5, May 2005. |
Yao, et al.; "Calibrating On-chip Thermal Sensors in Integrated Circuits; A Design-for-Calibration Approach", Springer Science+Business Media, LLC 2011, Sep. 21, 2011. |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170250909A1 (en) * | 2015-01-22 | 2017-08-31 | Hewlett Packard Enterprise Development Lp | Router to send a request from a first subnet to a second subnet |
US10419339B2 (en) * | 2015-01-22 | 2019-09-17 | Hewlett Packard Enterprise Development Lp | Router to send a request from a first subnet to a second subnet |
US10318438B1 (en) * | 2017-12-07 | 2019-06-11 | Nuvoton Technology Corporation | Secure memory access using memory read restriction |
CN109901793A (en) * | 2017-12-07 | 2019-06-18 | 新唐科技股份有限公司 | Memory-safe devices and methods therefor |
TWI691842B (en) * | 2017-12-07 | 2020-04-21 | 新唐科技股份有限公司 | Secure memory access using memory read restriction |
CN109901793B (en) * | 2017-12-07 | 2022-06-10 | 新唐科技股份有限公司 | Memory security device and method thereof |
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9483422B2 (en) | Access to memory region including confidential information | |
US11734199B2 (en) | Enforcing memory operand types using protection keys | |
US10628613B2 (en) | Cryptographic operations for secure page mapping in a virtual machine environment | |
KR102017828B1 (en) | Security management unit, host controller interface including the same, method for operating the host controller interface, and devices including the host controller interface | |
US6681304B1 (en) | Method and device for providing hidden storage in non-volatile memory | |
US6851056B2 (en) | Control function employing a requesting master id and a data address to qualify data access within an integrated system | |
US9853974B2 (en) | Implementing access control by system-on-chip | |
TWI606364B (en) | System-on-chip processing secure contents and mobile device comprising the same | |
KR101378639B1 (en) | Security protection for memory content of processor main memory | |
US9081724B2 (en) | Method and device for protecting memory content using first and second addressable storage regions and first and second encryption keys | |
CN103377349A (en) | Security controlled multi-processor system | |
CN108090366B (en) | Data protection method and device, computer device and readable storage medium | |
JP2008047129A (en) | Data processing apparatus and system control register protecting method | |
US20210089684A1 (en) | Controlled access to data stored in a secure partition | |
CN104318176A (en) | Terminal and data management method and device thereof | |
KR20180026719A (en) | Separation of Software Modules by Controlled Encryption Key Management | |
WO2016053407A2 (en) | Speculative cryptographic processing for out of order data | |
US20180268127A1 (en) | Methods and apparatus for controlling access to secure computing resources | |
US10592663B2 (en) | Technologies for USB controller state integrity protection | |
US20190138755A1 (en) | Technologies for filtering memory access transactions received from one or more i/o devices | |
Ahn et al. | Countermeasure against side-channel attack in shared memory of trustzone | |
US20120311285A1 (en) | Method and System for Context Specific Hardware Memory Access Protection | |
US11366895B2 (en) | Mitigating side-channel attacks using executable only memory (XOM) | |
US20240078326A1 (en) | Technique for providing a trusted execution environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P., TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HADLEY, TED A;REEL/FRAME:034136/0895 Effective date: 20120131 |
|
AS | Assignment |
Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP, TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.;REEL/FRAME:037079/0001 Effective date: 20151027 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: ENTIT SOFTWARE LLC, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP;REEL/FRAME:042746/0130 Effective date: 20170405 |
|
AS | Assignment |
Owner name: JPMORGAN CHASE BANK, N.A., DELAWARE Free format text: SECURITY INTEREST;ASSIGNORS:ENTIT SOFTWARE LLC;ARCSIGHT, LLC;REEL/FRAME:044183/0577 Effective date: 20170901 Owner name: JPMORGAN CHASE BANK, N.A., DELAWARE Free format text: SECURITY INTEREST;ASSIGNORS:ATTACHMATE CORPORATION;BORLAND SOFTWARE CORPORATION;NETIQ CORPORATION;AND OTHERS;REEL/FRAME:044183/0718 Effective date: 20170901 |
|
AS | Assignment |
Owner name: ENTIT SOFTWARE LLC, CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (AS SUCCESSOR TO BANK OF AMERICA, N.A.);REEL/FRAME:047297/0843 Effective date: 20181023 Owner name: ENTIT SOFTWARE LLC, CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A. (AS SUCCESSOR TO BANK OF AMERICA, N.A.);REEL/FRAME:047299/0055 Effective date: 20181023 |
|
AS | Assignment |
Owner name: NIBC BANK N.V., NETHERLANDS Free format text: SECURITY INTEREST;ASSIGNOR:UTIMACO INC.;REEL/FRAME:048240/0281 Effective date: 20190204 |
|
AS | Assignment |
Owner name: UTIMACO INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:NIBC BANK N.V., AS SECURITY AGENT;REEL/FRAME:050135/0404 Effective date: 20190822 |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
FEPP | Fee payment procedure |
Free format text: SURCHARGE FOR LATE PAYMENT, LARGE ENTITY (ORIGINAL EVENT CODE: M1554); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |
|
AS | Assignment |
Owner name: MICRO FOCUS LLC (F/K/A ENTIT SOFTWARE LLC), CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0577;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:063560/0001 Effective date: 20230131 Owner name: NETIQ CORPORATION, WASHINGTON Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: MICRO FOCUS SOFTWARE INC. (F/K/A NOVELL, INC.), WASHINGTON Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: ATTACHMATE CORPORATION, WASHINGTON Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: SERENA SOFTWARE, INC, CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: MICRO FOCUS (US), INC., MARYLAND Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: BORLAND SOFTWARE CORPORATION, MARYLAND Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: MICRO FOCUS LLC (F/K/A ENTIT SOFTWARE LLC), CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 |